website/archive-key.mdwn

   1 [[meta title="Monkeysphere archive signing key"]]
   2 [[!template id="nav"]]
   3 [[toc ]]
   4
   5 ## Verifying the key ##
   6
   7 The [Monkeysphere apt repository](/download) is signed by this key, so
   8 you can verify that the packages come from the right place and have
   9 not been tampered with.
  10
  11 This key is certified by several of the Monkeysphere developers, and
  12 should be able to be found from the public keyservers with:
  13
  14         gpg --keyserver $KEYSERVER --recv EB8AF314
  15
  16 You should be able to verify the fingerprint like this:
  17
  18         [0 dkg@squeak ~]$ gpg --list-key --fingerprint http://archive.monkeysphere.info/debian
  19         pub   4096R/EB8AF314 2008-09-02 [expires: 2009-09-02]
  20               Key fingerprint = 2E8D D26C 53F1 197D DF40  3E61 18E6 67F1 EB8A F314
  21         uid       [  full  ] Monkeysphere Archive Signing Key (http://archive.monkeysphere.info/debian)
  22
  23         [0 dkg@squeak ~]$
  24
  25 And you can verify the fingerprints with:
  26
  27         gpg --list-sigs http://archive.monkeysphere.info/debian
  28
  29 If you believe that the repository has been tampered with, please [let
  30 us know](/community)!
  31
  32 ## The key itself ##
  33
  34 <pre>
  35 -----BEGIN PGP PUBLIC KEY BLOCK-----
  36 Version: GnuPG v1.4.9 (GNU/Linux)
  37
  38 mQINBEi9Ws0BEADUROJtI2VsWGI6jklofbCDw6webGi0nJTnKYSSxDE5XSWu6GtK
  39 PG4RiX/YGtL+kD8+z/pVAbjqdLNypqiK5VkTZp3cE+4Yv2jxySQJz/UMNZ2wO3U+
  40 9NAK2rJG3p0HhiTzAurJ2KqNstcMcPmqEDtP+J2tUHoIXttGiwFpss4R2hSBMlg+
  41 nNFc53FlTadF2z3LNNCozPf7wRST2Zqkeem84+Vo2X3zy7pGpSf9S/XEPW/ve0fs
  42 daADK9I6fZiqtrsb3/M3E3rESsD2YA+/25QA+XVJgtenTlaYEMkI0ARpd44oBHp7
  43 Oj0RbRZ0Wz6OYDiJl6D2YJ1nFRHhbx+tnCJvuqUUkv3HYD85mGWIow7ElX5fc4iT
  44 RdYUE3ebImES0gsaasNl3JUjuImNbrqqjQsAaN7JV77TqR8GGRLcalZkvIgY5b4a
  45 hRYY16rvUaqZ4aYpiZftvE0X07W+siYqGfCynOn0+iX80pKid8gATjrwGdQ6TBr7
  46 +yrBkmFTJFCCi5TS8gaJPdMJzYs7C3ou9XOWJLuwmnwn9edaCSTJ1Vgq+8eKjDj8
  47 NxER5vjtXdAJqCJm7d4eNgHYXTNqRPznJRsutVfkFwEIzGXvvhnnDC1PdnhBjBVI
  48 1+TbdSz9qKq3VaCxr6HNk9CBF2S0El3YMRmy0Zlf6/AOo9XiW3fp3LL6AwARAQAB
  49 tEpNb25rZXlzcGhlcmUgQXJjaGl2ZSBTaWduaW5nIEtleSAoaHR0cDovL2FyY2hp
  50 dmUubW9ua2V5c3BoZXJlLmluZm8vZGViaWFuKYkCPAQTAQIAJgUCSL1azQIbAwUJ
  51 AeEzgAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEBjmZ/HrivMUFIYP/30NIcTO
  52 EucC2S3YI+8UiedBfqM6iIJ9jS73avvfNdjv5MsfTeERXOGKgmE/JM2FwtIPgzOU
  53 R7qEu0W4WG2kYN+pABzpoRijm9F2zwNzSrZdzinClhxKBZzhg9tylvXdVxrdfAVS
  54 3XoQrAK5W/5zZBBmkW18bmlgu7hLY9jfYfwJH1/jhV40UtuWPW5kfBoZlrv9S4l2
  55 WUA7drrWlyk+h4Q/ZxF6aQljyI9a1oXNfcgpGCorIBNlMlwjNaL4DWmH4j/kchLG
  56 Vka35t3R5OjlRo8jsd12nc6gp0K3BdDTEd1AJQbqTS+sb+ocdeNpSUQoCn8XIg9V
  57 ELV9XE0n2vmvG3i4CJuOyHOHuW5IqJ1k8W4e9fikpBOmOy7Jdec5johI9wtkRiYg
  58 9i5vqM/wKSW14QCkLeQP/YtIK0o0J+FOj7FUTI+wM5AXGeva53McnzbiUnJPRFIR
  59 du8vvdmvu1wuWb3AWLIysU0bsbSSGZ9g7cX2p/qdH1Hvi2Ji8sM020WHBFuvRXEJ
  60 i8/RXiIxj0LR/DO8ihd/x1MTwfSTEZ6ecnywDv7Wtx19i5NRX5Ik72M75kzD29TW
  61 7mTsgZbYWrHT3gHmL3pWxPKa8nsEC/HUlcCnIrOPiwNcNu7+4L1ikbJXDRwVLjWP
  62 enmAs1srZ2+Pm2Gm1pM6uzl0qGR9J5GmdPf2iQIcBBABAgAGBQJIvVyrAAoJEMzS
  63 7ZTSFznpYQ0P/iTg3IlgNiRAlYXcrmiKKbMLSgUekQl6O7eUowXS9vKEyzgcxr3e
  64 DWARHsf01DrHJvkwdbaQPmq5mZcWxYaEdWY7VtCNHf11vnRV6ws7S3aiV3Hmf0II
  65 GaGBJywhDw/hkz2gTM3V71whYm1tgPbw/ilVqJtt8jVL9qbGsXer8Yx0iLFSCfaj
  66 SpgBo/1WlyxSm+i958ddSaQ+uTrAPgChYT7jseAIzF3UB95i00OkHaK30tb6SdWC
  67 4hgptMAhU0lW9tKDviMtoKUQa7LiCa4RyQ9TJQcsjJBoFVskcLl9f6GNEP72bN0V
  68 ly087Guvw8G8TdQcubteFYQDIxIc2atZkjEn3oCjtZgk8mdDlCjLQYgHV1/o+eWd
  69 /mb9mCtKvwo14LeKIIIYP19Z7142X2c2txSY3u6eNNo3ImqcPJNOM2xFqLcdSeVr
  70 S31RCBx16I7tJya0fwJJRC7qZWf7hrPdi7eqcecqyr26X5upV+Irjv5qYu/6HAGb
  71 59W6n+8KTfMxEMaBQI6qZXxhaBr3HzEaSrz7jtkl+xxym2TGkbarXcm7e7MP66Hu
  72 GD5UCC3svhAAxKXf4K/8v7WhwBpekF9mXtgpq72Du2JG9q+OAWhxzZXbZku+RY7T
  73 a83wKc1TaPvzK2WZlhNGjcCYSUXcfQOSn5noVTUukW3DNEKP5BmwkvVd
  74 =Xex0
  75 -----END PGP PUBLIC KEY BLOCK-----
  76 </pre>
  77
  78 ## Management of the key ##
  79
  80 The archive signing key is currently under the control of [Daniel Kahn
  81 Gillmor](http://cmrg.fifthhorseman.net/dkg), though the task of being
  82 the archive maintainer may be taken over by a different developer in
  83 the future.
  84
  85 In the event of a new archive maintainer, the entire archive will be
  86 rebuilt from signed tags in [the monkeysphere git
  87 repository](/community), rather than trying to re-verify the entire
  88 old archive.
  89
  90 ## Maintaining the archive ##
  91
  92 To create a new archive including a single monkeysphere package from
  93 tag `$TAG` on architecture `$ARCH`, do:
  94
  95         git clone git://git.monkeysphere.info/monkeysphere
  96         cd monkeysphere
  97         git tag -v $TAG
  98         git checkout $TAG
  99         debuild -uc -us
 100         cd repo
 101         reprepro -C monkeysphere include experimental ../$TAG_$ARCH.changes
 102
 103 When you get a binary package built from a separate architecture
 104 `$NEWARCH` that you want to include with the archive, do:
 105
 106         cd repo
 107         reprepro -C monkeysphere includedeb experimental ../$TAG_$NEWARCH.deb
 108
 109 To publish the archive, make sure you have access to
 110 `archivemaster@george.riseup.net`, and then do:
 111
 112         cd repo
 113         ./publish